+ Reply to Thread
Results 1 to 2 of 2
  1. Junior Member
    Join Date
    Sep 2010
    Posts
    24
    #1

    Default Deploying AAA Radius on working infrastructure

    Hello,


    Getting ready to deploy radius centralized authentication and authorization model to current DC network which now is based on local auth. I've some thoughts how to enable ir safely and not end into lockout situation. For example on different IOS devices make sure that i've console connection. Configure AAA methods not with default lists, but with explicitly named and enable it first on VTY lines and see If's working correctly. Also, always leave one session open and try to do new session with new tab. If everything is OK, do it on console line. Also IOS XRs've commit confirmed options.
    Maybe you've some other practical advices ?


    Thanks
    Reply With Quote Quote  

  2. Senior Member ccnpninja's Avatar
    Join Date
    Feb 2007
    Location
    Tunisia, North Africa
    Posts
    983

    Certifications
    a few
    #2
    Get yourself a couple of sample devices to practice with. Do trial-and-error configurations with the named AAA Method lists. First don't use neither authentication nor authorization on the console.
    AAA can be tricky if you don't understand what the commads do. So take the time to learn that. The CCNA Security level books could help you with that.
    Once you tested your config (don't forget a fallback method to Local) on the lab, do it on a small scale and increase the diameter until full scale.

    I hope you get the idea.
    من طلب عزائم الأمور ، هان عليه بذل النفس فيها - محمد إبن ابي عامر
    www.keyboardbanger.com
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks